root@whoami /usr/share/easy-rsa # ./clean-all root@whoami /usr/share/easy-rsa # ./build-ca
Generating a 4096 bit RSA private key...............................................................................................................++
...........................................................................................................................................................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [MD]:
Locality Name (eg, city) [Magdeburg]:
Organization Name (eg, company) [hack2sec]:
Organizational Unit Name (eg, section) [Whoami]:
Common Name (eg, your name or your server's hostname) [hack2sec CA]:Server
Name [EasyRSA]:
Email Address [bazzd@posteo.de]:

#Server Zertifikat erstellen

Code:

root@whoami /usr/share/easy-rsa # ./build-key-server Server
Generating a 4096 bit RSA private key
.........................++
........................................++
writing new private key to 'Server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [MD]:
Locality Name (eg, city) [Magdeburg]:
Organization Name (eg, company) [hack2sec]:
Organizational Unit Name (eg, section) [Whoami]:
Common Name (eg, your name or your server's hostname) [Server]:
Name [EasyRSA]:
Email Address [bazzd@posteo.de]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
stateOrProvinceName :PRINTABLE:'MD'
localityName :PRINTABLE:'Magdeburg'
organizationName :PRINTABLE:'hack2sec'
organizationalUnitName:PRINTABLE:'Whoami'
commonName :PRINTABLE:'Server'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'bazzd@posteo.de'
Certificate is to be certified until Oct 18 21:33:39 2026 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

#Client Zertifikate erstellen

Code:

root@whoami /usr/share/easy-rsa # ./build-key client1
Generating a 4096 bit RSA private key
......................................++
..++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [MD]:
Locality Name (eg, city) [Magdeburg]:
Organization Name (eg, company) [hack2sec]:
Organizational Unit Name (eg, section) [Whoami]:
Common Name (eg, your name or your server's hostname) [client1]:
Name [EasyRSA]:
Email Address [bazzd@posteo.de]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
stateOrProvinceName :PRINTABLE:'MD'
localityName :PRINTABLE:'Magdeburg'
organizationName :PRINTABLE:'hack2sec'
organizationalUnitName:PRINTABLE:'Whoami'
commonName :PRINTABLE:'client1'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'bazzd@posteo.de'
Certificate is to be certified until Oct 18 21:39:17 2026 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# Firewall
/root/firewallregeln.sh
exit 0